Every day in the connected world we have to log in to numerous different sites for banking or shopping, let alone email and social media, and we are told not to use the same password for each one. In this article we will look at why so many passwords are needed and how to create passwords that are unique to each site but easy to remember and don’t need to be written down.
Why you need so many passwords
We’ll start with an explanation about why shared passwords are risky, but if you are not interested in the details and want the tips, see below.
When you first set a password on a well-designed website, the site does not keep the password itself. It converts it into a new form using a special method (called a cryptographic hash function, or hash for short) and stores only the converted form. The method is one-way by design: the original password cannot be worked back from the converted form, and it cannot be “decoded”, because this is not encryption. When you visit the website again and enter the password, it performs the same conversion and compares the converted values. Even a subtle change to the password gives a completely different value.
eggs --> ab92d9fae5ee7975c7735376ec60851b
Eggs --> 9890f06976131702b942e59eda2f750a
When a website is hacked, the hackers grab the list of converted passwords (the hashes). They cannot decode them, but only a handful of hash methods are in common use and all of them are public, so the hackers know exactly which method the site used. They write programs that take every word in a dictionary, convert each one with the same method, and then look the stolen hashes up in their own table of pre-computed hashes. The hackers use dictionaries in many languages, previously leaked passwords and every common trick such as substituting numbers for letters, and add all of these to their table. To combat this, the traditional rules suggest a complex mix of letters in different cases, numbers and punctuation that won’t appear in any of the hackers’ tables, but that complexity makes a secure password very difficult to remember.
Hackers know that people re-use usernames and passwords, so if they recover a password from an obscure site you can be sure they will try the same username and password on all the popular sites to see whether they get in. They can run this check against other sites within hours of the first breach, and the stolen lists are sold on and re-used for years, so never go back to an old password once it has been exposed. For these reasons you really do need a different password on each site, but it isn’t as hard as you might fear.
Rather than trying to remember 8 characters of fiendishly difficult gobbledegook, another method is to use a longer, easier to remember set of words. Using the opening line of a well known poem is open to the same dictionary attacks that single words are, because famous phrases are in the hackers’ lists too, but if you combine an assortment of unrelated, easy to remember pieces of personal information then you have the makings of a good password. Here are some examples:
- Favourite teacher’s name
- Favourite food
- Favourite dog breed
- Best holiday destination
- Best friend’s middle name
- Number of house you first lived at
- First telephone number
If each of these was written out in full it would be very cumbersome to use as a password, but taking the first four characters from two of the words and adding one number gives something memorable: the base for all of our unique passwords. For example, Johnstone, 79 and Greece become John79Gree.
Some of this information might be known by other people, and some of it may even be on your social media profile, so prefer details you have never posted. There is a limitless range of information that is special to you, and finding the right combination would take a lot of effort for anyone. If you are not super-wealthy, a politician or a celebrity it is unlikely to be worth anyone’s while to target you personally; the real danger is the automated, bulk attack described above, and that is what a long, unusual combination defeats.
So far we have only one password, but we want a different one for each site. To create it we add the first 4 characters of the site name to our personal base password. For Google and Facebook this gives the following memorable passwords, with their converted forms shown to illustrate how different they are even though the passwords share ten characters.
GoogJohn79Gree --> e80e7876a45de840c774e8789aa8181d
FaceJohn79Gree --> c7c2fab4f5c10defd49de551b32277f0
The converted forms shown here are MD5 hashes. Two technical caveats: adding the site name is sometimes loosely called “salting”, but a real salt is a random value that the website itself generates, stores alongside the hash and uses to make identical passwords hash differently; a predictable prefix chosen by the user is not a salt in that sense. And MD5 is a fast, general-purpose hash that is no longer considered suitable for storing passwords; well-run sites now use deliberately slow, purpose-built password hashing functions (for example bcrypt, scrypt or Argon2) precisely to make the dictionary attacks described above expensive. The user-side lesson is unchanged: you cannot control how a site stores your password, so the password itself must be unusual enough not to be in anyone’s list.
Method for creating a unique, easy to remember password for each site
Use this method for creating a unique memorable password – for an explanation see above.
- Choose two unrelated memorable words and one number
  Greece, Johnstone, 79
- Reduce them to the first 4 characters of each
  Gree, John, 79
- Combine them in any order you like, memorise this and use it as the base of all your passwords
  John79Gree
- Identify the first 4 characters of the website
  Facebook --> Face
- Add the shortened website name to your personal base, in any order, but be consistent so that it stays memorable
  FaceJohn79Gree
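The following Python is an added worked example and is not code from the original article. It carries out the five-step method above for the article’s own words (Johnstone, 79, Greece), reproduces the hashing and dictionary-attack behaviour described in the “Why you need so many passwords” section against a small constructed word list and a toy “stolen” table, and shows the one weakness a practitioner should know about: because every password is the base plus a predictable site prefix, anyone who sees one of them in the clear can derive the others. All function names and the sample data are this example’s own; MD5 is used only because the article shows MD5 digests.

```python
import hashlib

# Added example, not code from the original article. Names below are this
# example's own. MD5 is used only because the article shows MD5 digests;
# it is a fast, general-purpose hash and not a suitable password hash today.


def md5_hex(text: str) -> str:
    """Return the 32-character hex MD5 digest of a string, as the article shows."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def shorten(part, n: int = 4) -> str:
    """First n characters of a word or number (the article's 'first 4 characters')."""
    return str(part)[:n]


def base_password(*parts) -> str:
    """Join the shortened parts in the order given: Johnstone, 79, Greece -> John79Gree."""
    return "".join(shorten(p) for p in parts)


def derive_site_password(site: str, base: str) -> str:
    """Prefix the base with the first 4 characters of the site name (Google -> GoogJohn79Gree)."""
    return shorten(site) + base


# Number-for-letter substitutions the article says attackers already know about.
LEET = str.maketrans("aeios", "43105")


def candidates(words):
    """Expand a word list the way a cracking tool does: case variants plus leet variants."""
    for w in words:
        for v in (w, w.lower(), w.upper(), w.capitalize()):
            yield v
            yield v.translate(LEET)


def crack_with_dictionary(stolen, words):
    """Hash every candidate once, then look each stolen digest up in that table.
    Returns {account: recovered password or None}."""
    table = {md5_hex(c): c for c in candidates(words)}
    return {account: table.get(digest) for account, digest in stolen.items()}


def guess_from_leak(leaked_password: str, other_site: str) -> str:
    """The scheme's weak point: once one site password is seen in the clear,
    the base is everything after the 4-character site prefix, and every other
    site's password follows directly from it."""
    base = leaked_password[4:]
    return derive_site_password(other_site, base)


# Constructed sample data: a tiny attacker word list and a toy 'stolen' hash table.
WORDLIST = ["password", "eggs", "Greece", "Johnstone", "Facebook"]
STOLEN = {
    "alice": md5_hex("Gr33c3"),          # one dictionary word with letter->number swaps
    "bob": md5_hex("GoogJohn79Gree"),    # the article's combined password
}

if __name__ == "__main__":
    print(md5_hex("eggs"), md5_hex("Eggs"))          # one letter changed, digest entirely different
    print(crack_with_dictionary(STOLEN, WORDLIST))   # alice is recovered, bob is not
    print(guess_from_leak("GoogJohn79Gree", "Facebook"))
```

Running it shows the two sides of the article’s argument: alice’s single substituted word falls to a dictionary of a few words, while bob’s combined password is not in the list at all. The last line is the caveat the method itself does not mention: given "GoogJohn79Gree" in plaintext, the Facebook password is a one-line guess, so a leak of any one of these passwords should be treated as a leak of the base.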
Hey presto, you have created one memorable password base and can use it to build a unique and memorable password for every site you visit in the connected world. One caution: the base is the real secret. Anyone who sees one of these passwords written out can spot the pattern and work out the others, so if any one of them is ever exposed, change the base (and therefore all of the passwords), not just the one site.
We hope you like this method. Please let us know if you find it useful, or if you have any other suggestions, using the comments form below. In the future we’ll look at managing your passwords as part of a digital will. Please let us know if you have any other questions about living online for Smart Ageing.
Image altered and used under a creative commons licence